Privacy Charter

Protecting your privacy is our main priority at Moaistone (hereinafter, ‘Moaistone’ or ‘We’). Which is why We commit to respect the personal data of our customers, potential customers and online users (hereinafter, ‘You’), to process Your data carefully and to ensure the best possible protection in accordance with the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, ‘GDPR’) and to all the other applicable legal or regulatory provisions.

This Privacy Charter is aimed to answer the following questions:

1. Who is processing your personal data?
2. Why do We process Your personal data and on what legal basis?
3. What are the personal data We process?
4. With whom do we share your personal data?
5. How long do we keep your personal data?
6. What rights do you have as regard Your personal data and how can You exercise these rights?
7. Are your personal data transferred abroad?
8. Would you like to contact us about this Charter on the protection of your personal data or would you like to submit a complaint to a data protection authority?
9. How can you find out whether this Charter on the protection of your personal data has been modified?
10. Explanatory glossary of the main legal terms used in this Charter

…………………………………………………………………………………………….

Last modification date: January 2020

1. Who is responsible for processing Your personal data?

SPRL Laurent, Résidence La Prairie 17, 7011 Ghlin, BCE 0401.185.664 (hereinafter ‘We’ or ‘Moaistone’), is the controller for Your personal data, as described in this Privacy Charter.

As the data controller (see the definition in the glossary, here under), We must respect various legal duties such as: the guarantee of Your rights, the security breach notification, the establishment of a register, etc.

You can address Us any question or request about the processing of Your personal data to the following e-mail address: info@moaistone.com

2. Why do We process Your personal data and on what legal basis?

We process Your personal data for various purposes, in accordance with one of the legal bases that have been determined by the GDPR (for instance, the respect of a legal duty to which We are subject or the execution of a contract concluded with You).

The table below more specifically lists the purposes for which Moaistone uses Your personal data and the corresponding legal basis.

Purposes for the collection and the processing of Your personal dataLegal basis for the processing of Your personal data

The management of the pre-contract relationships with potential customers
We process Your personal data in order to respond to enquiries You send Us about Our products and/or to various questions You send by mail (in particular by e-mail).

We have a legitimate interest to process the personal data of potential customers in order to respond to their demand and/or questions (Article 6.1.f of the GDPR). This may also include processing necessary for pre-contractual measures (cf. Article 6.1.b of the GDPR).

Marketing with regard to Our customers and potential customers, in particular:
* sending newsletter and promotional offers;
* sending newsletters, promotional offers and other personalised notifications (especially when browsing Our site) adapted to Your profile;
* sending requests to participate in satisfaction surveys.

We have a legitimate interest in processing the personal data of Our customers (in particular those obtained directly in the context of the sale of a product) to inform them about the products and the promotions available on the site.

In application of Article XII. 13 of the Economic Code, We process, after having obtained prior consent, the personal data relating to the electronic contact details of potential customers to inform them of the products and the promotions available on the site.

In order to provide You with the best possible experience, Moaistone can personalise Your e-mail, Your online experience and other notifications, provided that We obtained Your prior explicit consent (article 6.1.a of the GDPR). To that end, Your orders, and/or interactions with Moaistone will be analysed.

Customer and order management

We process personal data in order to carry out operations related to customer management: contracts; orders; deliveries; invoices; accounting and in particular the management of customer accounts.

The execution of a contract concluded with You (Article 6.1.b. of the GDPR).

Assessment of Our products, services and content

We have a legitimate interest to process Our customers’ personal data in order to identify the strengths and weaknesses of the products offered (article 6.1.f of the GDPR)

Dispute management

We have a legitimate interest in processing personal data for the purpose of defending Our interests, in particular, but not exclusively for the purpose of contesting or taking legal action (article 6.1.f of the GDPR). The execution of the contract concluded with You is the basis of the processing operation carried out for this purpose (article 6.1.b of the GDPR).

Statistics

‘Statistical purposes’ means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results. These statistical results may also be used for various purposes, including improving Our programs and projects. Statistical purposes imply that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used.

We have a legitimate interest in processing Our customers’ personal data in order to improve the services offered and to have a better understanding of its target audiences (Article 6.1.f. of the GDPR)

3. What are the personal data We process?

Below, the type of personal data We process, sorted by data collection purposes and methods (data provided directly by You, collected with Your consent or collected by Our IT systems)

Purpose of the collectionPersonal data collectedData collection methods

The management of the pre-contract relationships with potential customers, and of the assessment of Our products, services and content

  • Personal identification data (surname, first name, e-mail address, company, telephone number, order number, etc.)
  • Free fields and comment fields

In the context of this purpose, the data are collected directly from You.

Marketing with regard to Our customers and potential customers

  • Personal identification data (surname, first name, postal address, e-mail address, telephone number, etc.)
  • Electronic identification data (IP address, cookies, connection log, etc.)

As part of this purpose, the data are collected directly from You or indirectly via a third party to whom You have given consent to pass on Your data to Moaistone.

Customer relationship and order management

  • Personal identification data (surname, first name, postal address, e-mail address, telephone number, language, gender)
  • Data relating to the means of payment (postal or banking information, credit card number, expiry date of the credit card, card security code – the latter cannot be kept)
  • Transaction data (transaction number, details of the purchase of a product, etc.)
  • Data relating to the monitoring of the commercial relationship (products purchased, quantity, amount, periodicity, delivery address, history of purchases and service provisions, correspondences with the customer and after-sales service, exchanges and comments from customers, person – s – in charge of the customer relationship, etc.)
  • Data relating to the payment of invoices (terms of payment, discounts granted, receipts, balances and unpaid invoices, etc.)

In the context of this purpose, the data are collected directly from You.

Dispute management

  • All data from the different purposes
  • Data relating to offences, sentences or security measures, in particular: facts in dispute; information, documents and evidences gathered to prove facts likely to be blamed; characteristics of the dispute; date, nature, grounds, amounts and any staggering of sentences; comments on the description and follow-up of the procedure.

In the context of this purpose, the data are collected directly from You.

Statistics

  • Personal identification data
  • Electronic identification data
  • Data relating to the means of payment (postal or banking information, credit card number, expiry date of the credit card, card security code – the latter cannot be kept)
  • Transaction data (transaction number, details of the purchase of a product, etc.)
  • Data relating to the monitoring of the commercial relationship (products purchased, quantity, amount, periodicity, delivery address, history of purchases and service provisions, correspondences with the customer and after-sales service, exchanges and comments from customers, person – s – in charge of the customer relationship, etc.)
  • Data relating to the payment of invoices (terms of payment, discounts granted, receipts, balances and unpaid invoices, etc.)

In the context of this purpose, the data are collected directly from You.

4. With whom do We share Your personal data?

The communication of Your personal data to subcontractors
In order to carry out the purposes for which Moaistone uses Your personal data stated in points 2 and 3, Moaistone may assign some processing tasks to ‘subcontractors’.

SubcontractorsLocation of the subcontractorReasons for sharing Your personal data
DB Base Rue du marais 19 - 7830 Silly Serveur

The communication of Your personal data to government authorities, in response to legal requests, including requirements regarding national security or the application of the law (such as tax administration, etc.).

The communication of Your personal data to some third parties, including providers involved in the order fulfilment, such as carriers (to the extent necessary for fulfilling the contract) or debt collection agencies, in the context of dispute management (and having regard to Moaistone’s legitimate interest).

5. How long do We keep Your personal data?

Moaistone has laid down precise rules on the storage period for Your personal data. This storage period varies depending on the objectives pursued and has to take account of any legal duty to keep some of Your data.

Below, a list of the purposes of processing and the storage periods:

The purpose of processingStorage period

The management of the pre-contract relationships with potential customers

The expiry date is XX years from the last action/reaction of the data subject

Marketing

The expiry date is XX years from the last action/reaction of the data subject

Customer relationship management

The expiry date is ten years from the last placement of order

Dispute management

The expiry date is ten years from the last placement of order

6. What rights do You have as regards Your personal data and how can You exercise these rights?

We aim to inform You as clearly as We can about Your rights with regard to Your personal data. And We aim to ensure that You can easily exercise these rights. You may exercise Your rights with respect to and against Moaistone.

Please find below a summary of Your rights.
To exercise these rights, please contact Us by the e-mail to: info@moaistone.com or by letter to: Moaistone – Ets. Laurent, route de Wallonie 138, 7331 Baudour. Please indicate the subject of the request and provide all the relevant information (including Your contact details), and a copy of Your identity card. Unless You indicate otherwise, You will receive a response to Your request in an electronic format within one (1) month of receipt of the request, and within two (2) months if in-depth research has to be carried out to meet the request or if We receive an excessively large number of requests.
If Your request is imprecise or does not contain all the elements allowing Us to carry out the requested operations, We will invite You to provide them to Us as soon as possible.

Si votre demande est imprécise ou ne comporte pas tous les éléments Nous permettant de procéder aux opérations demandées, Nous vous inviterons à Nous les fournir dans les meilleurs délais.

A. Right of access

You can have access to all the following information with regard to:

  • The categories of personal data that We collect and process about You,
  • The reasons why We process these data,
  • The categories of people with whom We share or will share Your personal data and in particular those who are located outside Europe,
  • The periods for which Your personal data will be kept in our systems,
  • Your right to ask Us to correct or delete Your personal data or to limit the use that We make of Your personal data and Your right to object to this use,
  • Your right to submit a complaint to a data protection authority,
  • The information about the source, when We have not collected your personal data directly from You,
  • The way in which Your personal data are protected when they are transferred to countries outside Europe.
B. Right of correction

You can ask Ys to correct and/or update Your personal data.

C. The right to have data deleted

You can also ask us to delete the personal data that we process concerning You if You find Yourself in one of the following situations:

  • Your personal data are no longer necessary for the reasons why they were collected or processed in a different way;
  • You have withdrawn the consent on which the processing of Your personal data by Moaistone is based;
  • Because You believe, for a specific reason, that further processing would adversely affect Your privacy and could cause excessive damage;
  • You no longer wish to receive commercial offers from Us;
  • Your personal data are not processed in accordance with the GDPR and the Belgian law;
  • Your personal data have to be deleted to fulfil a legal duty laid down in the law of the European Union or the national law to which Moaistone is subject;

We may be unable to respond to Your request to exercise Your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which We are subject or important reasons of public interest.

D. The right to object

You can object to the use of Your personal data for commercial requests, and more specifically advertisements.

You have the right to object to Our processing of Your personal data because You believe, for a specific reason, that further processing would adversely affect Your privacy and could cause excessive damage.

You cannot, under any circumstances, prevent Us from processing Your data:

    • if the processing is necessary to conclude or fulfil Your contract;
    • if the processing is required by a law or legal provision;
    • if the processing is necessary to be able to establish, exercise or assert Your rights before the courts.

However, We may not be able to respond to Your request. In that case, We will, of course, reply to You as clearly as possible.

E. The right to the transferability of data

This right offers You the possibility of controlling Your personal data more easily Yourself and more specifically:

  • retrieving Your personal data processed by Us for your personal use and for example storing them on a device or in a personal cloud.
  • Transferring Your personal data from Us to another company, either doing this Yourself or having it done directly by Us, on condition that such a transfer is ‘technically possible’.

This right relates to data provided actively and knowingly such as the data You provide (e.g. personal identifying information) and the data We collect.

Conversely, the personal data derived, calculated or put together from the information provided by You, are excluded from the right of transferability of data.

You should know that We have the right to refuse Your request for the transferability of data. In fact, this right only applies to personal data that were collected on the basis of Your consent or the performance of a contract concluded with You (to find out more specifically about the personal data that may be the subject of the right to the transferability of data: please refer to the point above). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data which would be transferred further to the request for transferability.

F. Le droit à la limitation du traitement

Vous avez le droit de Nous demander la limitation du traitement de vos données, c’est-à-dire le marquage de vos données à caractère personnel enregistrées, en vue de limiter leur traitement futur (par exemple, un déplacement temporaire de vos données vers un autre système de traitement ou un verrouillage de vos données les rendant inaccessibles).

Vous pouvez exercer ce droit lorsque :

  • l’exactitude des données en question est contestée ;
  • vos données à caractère personnel ne sont pas traitées conformément au RGPD et à la législation applicable ;
  • les données ne sont plus nécessaires pour atteindre les finalités initialement prévues mais ne peuvent pas encore être supprimées pour des raisons juridiques (notamment pour la constatation, l'exercice ou la défense de vos droits en justice) ;
  • la décision relative à votre opposition au traitement est en cours.

En cas de limitation du traitement, vos données à caractère personnel ne feront plus l’objet d’un quelconque traitement sans votre accord préalable, à l’exception de leur conservation (stockage).

Vos données à caractère personnel pourront néanmoins encore être traitées pour la constatation, l'exercice ou la défense de droits en justice, ou pour la protection des droits d'une autre personne morale ou physique, ou encore pour des motifs importants d'intérêt public dans l’Union ou l’État membre.

En cas de limitation du traitement de certaines de vos données à caractère personnel, Nous vous tiendrons informé du moment auquel la mesure sera levée.

F. The right to limit processing

You have the right to ask Us to limit the processing of Your data, that is to say the marking of Your personal registered data, in order to limit future processing (for example, a temporary move of Your data to another processing system or a lock of Your data making them inaccessible).

You can call upon this right when:

  • the accuracy of the data in question is disputed;
  • Your personal data is not processed in accordance with the GDPR and the applicable law;
  • the data is no longer necessary to achieve the original purposes but cannot yet be removed for legal reasons (in particular for the ascertainment, the execution or defence of Your rights in court);
  • the decision regarding Your request to limit processing is in progress.

In case of processing limitations, Your personal data will no longer be subject to any treatment without Your prior consent, with the exception of their storage.

Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.

In case of the limitation of the treatment of some of Your personal data, We will keep you informed about the timing when the measures are lifted.

7. Are Your personal data transferred abroad?

Data transfer within Europe

For the purpose of certain processing operations, some data are transferred to the territory of the European Union (see point 4.1).

Within the European Economic Area (EU member states, Iceland, Norway, Liechtenstein) remember that personal data will benefit from the same level of protection.

We do not transfer any of Your personal data outside the territory of the European Union or the European economic area.

8. Would You like to contact Us about this Charter on the protection of Your personal data or would You like to submit a complaint to a data protection authority?

Do You have a question or a suggestion about this Charter on the protection of Your personal data?
Do not hesitate to pass this on to Us by contacting Us by e-mail to: info@moaistone.com or by letter to: Ets. Laurent, route de Wallonie 138, 7331 Baudour.
We will be pleased to read from You and reply as soon as possible.
Do You think We do not protect your personal data sufficiently?
If You think Moaistone does not process your personal data in accordance with the GDPR and the applicable law, You have the right to submit a complaint to a data protection authority:

  • The data protection authority of the European country in which You are usually resident, or
  • The data protection authority of the European country in which You work, or
  • The data protection authority of the European country in which the infringement of the GDPR was committed.

In Belgium, the contact details of the Data Protection Authority are:

The Belgian Data Protection Authority
Rue de la presse 35, 1000 Bruxelles

+32 (0)2 274 48 00
+32 (0)2 274 48 35
contact(at)apd-gba.be

9. How can You find out whether this Charter on the protection of Your personal data has been modified?

This Charter on the protection of Your personal data may be modified at any time, in particular to take account of any legal or statutory changes.
Any major changes that may be made will be announced via Our website or by e-mail, as far as possible at least thirty days before they come into force.
When We publish modifications to this Charter, We will adapt the date of the ‘most recent update’ at the top of the confidentiality policy and describe the modifications on the page entitled ‘My personal data processing and my rights related to it’.
We advise You to consult this Charter regularly to find out how We protect Your personal data.

10. Explanatory glossary of the main legal terms used in this Charter

Terms that are often used in this CharterDefinitions provided by the GDPRExplanation of the terms in standard language

Data of a personal nature (hereinafter ‘personal data’)

Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

All sorts of information relating to a natural person, that is an individual (You) who can be identified as a person, directly or indirectly who can be distinguished from other people.

For example: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc.

Data Protection Officer

The Data Protection Officer (DPO) is not defined in the GDPR.

The Data Protection Officer is particularly in charge of the application of the GDPR and the applicable national law as well as our policies and practices for managing your personal data, within the company. He/she is also in charge of the co-operation with the supervisory authority. The DPO is your point of contact for any request relating to your personal data.

Processing

An operation or set of operations which are performed on personal data or sets of personal data, whether or not by automated means, such collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data).

For example, the use of your data to manage an order, a delivery, send a newsletter, etc.

Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The person, public authority, company or body which manages your data and determines how they are used. He/she decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data.

Subcontractors

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller.

Explanatory glossary of the other terms used in this Charter:

Customer

A natural person (acting in the capacity of consumers or professional) with whom we visit the Site or with whom we already maintained a contractual relationship (in particular the purchase of a product on our website or by another means of communication).